The Department of Health and Human Services conducts three types of audits or investigations involving privacy and security issues. But preparing for any of these inquiries requires similar steps, experts say.
Too many healthcare organizations conduct a HIPAA compliance assessment instead of a comprehensive risk analysis, says security specialist Dave Newell, who also points out other common mistakes.
The resumption of the HIPAA compliance audit program is on hold while regulators analyze pilot audit project results and implement the HIPAA Omnibus Rule, says Susan McAndrew of the HHS Office for Civil Rights.
The Cleveland Clinic is in continuous risk assessment mode, always on the lookout for emerging threats and vulnerabilities, says Mark Dill, director of information security. Learn about his top priorities.
John Stewart, chief security officer at network provider Cisco, says too many organizations develop IT security policies that are more complex than they need to be.
U.S. banks have been hit by a new wave of distributed-denial-of-service attacks, and experts say the botnet behind the attacks is getting stronger. Learn about the latest developments.
Our RSA panel features the NIST thought-leader responsible for its information risk publications along with top IT security practitioners who take NIST guidance and make it work. See how they do it.
The PATCO fraud case shows why banking institutions cannot rely on compliance to ensure security. In an RSA 2013 preview, attorney Joseph Burton discusses legal lessons from the PATCO settlement.
Highly publicized breaches at Facebook, Twitter, the New York Times and other organizations in recent weeks suggest there's a new normal in the cyberthreat arena. But the onetime head of U.S. CERT, Mischel Kwon, doesn't think so.
The call for an overarching federal cybersecurity strategy comes in the wake of findings from U.S.-CERT that federal agencies reported a nearly eight-fold increase in cyber-incidents over seven years.
Ron Ross, the NIST computer scientist who heads the initiative that is revising the guidance, characterizes the updated publication as the most comprehensive one since the initial catalogue of controls was issued in 2005.
Healthcare organizations have plenty of HIPAA Omnibus Rule compliance work to finish by the September deadline. But when it comes to getting outside help, it pays to do your homework.
A strategic security analyst from Mandiant, the company that's examining recent hacks from the inside, explains why such cyber-assaults will likely intensify under the leadership of China's new president, Xi Jinping.
The new, much more objective guidance for reporting breaches that's included in the HIPAA omnibus rule will result in an increase in notifications, predicts privacy law expert Marcy Wilder.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.